package filter;

import util.JwtUtil;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import util.ParameterUtils;
import util.ResponseBean;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 角色限制
 */
public class ShiroRolesAuthorizationFilter extends RolesAuthorizationFilter {

    private static final Logger logger = LoggerFactory.getLogger(ShiroRolesAuthorizationFilter.class);

    /**
     * 权限不足，拒绝访问的时候
     * @param request
     * @param response
     * @return
     * @throws IOException
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        logger.debug("-----------权限不足，拒绝访问的时候-----------");
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            //处理预请求
        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return true;
        } else {
            JwtUtil.responseError(request,response, ResponseBean.HTTP_CODE_ORBIDDEN,"权限不足",null);
            return false;
        }
    }
}
